Published On: Sun, Jun 20th, 2021

Security flaws found in Samsung’s stock mobile apps

A mobile security startup has found seven security flaws in Samsung’s pre-installed mobile apps, which it says, if abused, could have allowed attackers extensive access to a victim’s personal data.

Oversecured said the vulnerabilities were found in several apps and components bundled with Samsung phones and tablets. Oversecured founder Sergey Toshin told TechCrunch that the vulnerabilities were verified on a Samsung Galaxy S10+ but that all Samsung devices could potentially be affected, since the baked-in apps are responsible for system functionality.

Toshin said the vulnerabilities could have allowed a malicious app on the same device to steal a victim’s photos, videos, contacts, call records and messages, and change settings “without any user consent or notice” by hijacking the permissions of Samsung’s stock apps.

One of the flaws could have allowed the theft of data by exploiting a vulnerability in Samsung’s Secure Folder app, which has a “large set” of rights across the device. In a proof-of-concept, Toshin showed the bug could be used to steal contacts data. Another bug in Samsung’s Knox security software could have been abused to install other malicious apps, while a bug in Samsung Dex could have been used to scrape data from user notifications from apps, email inboxes and messages.

Oversecured published technical details of the vulnerabilities in a blog post, and said it reported the bugs to Samsung, which fixed the flaws.

Samsung confirmed the flaws affected “selected” Galaxy devices but would not provide a list of specific devices. “There have been no known reported issues globally and users should be assured that their sensitive information was not at risk,” it said, though it provided no evidence for this claim. “We addressed the potential vulnerability by developing and issuing security patches via software update in April and May, 2021 as soon as we identified this issue.”

The startup, which launched earlier this year after self-funding $1 million in bug bounty payouts, uses automation to search for vulnerabilities in Android code. Toshin has found similar security flaws in TikTok and Android’s Google Play app.
